Category: Network and Security

2014-05-20 11:57:11

:
ASA Version 8.4(2)
!
hostname fw
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet0
 nameif inside
 security-level 100
 ip address 192.168.1.254 255.255.255.0
!
interface GigabitEthernet1
 nameif dmz
 security-level 50
 ip address 172.16.1.254 255.255.255.0
!
interface GigabitEthernet2
 nameif outside
 security-level 0
 ip address 221.222.1.2 255.255.255.0
!
interface GigabitEthernet3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet5
 shutdown
 no nameif
 no security-level
 no ip address
!
ftp mode passive
object network inside
 subnet 0.0.0.0 0.0.0.0
object network outside
 host 221.222.1.2
object network telnet
 host 172.16.1.2
object network www
 host 172.16.1.1
object network towww
 host 221.222.1.3
object network totelnet
 host 221.222.1.4
object network natoutside
 host 221.222.1.5
access-list outtodmz extended permit tcp any object www eq www
access-list outtodmz extended permit tcp any object www eq telnet
access-list outtodmz extended permit tcp any object telnet eq telnet
access-list outtodmz extended permit tcp any object telnet eq www
pager lines 24
mtu dmz 1500
mtu outside 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
!
object network inside
 nat (dmz,outside) dynamic interface
object network telnet
 nat (dmz,outside) static interface service tcp telnet 2023
object network www
 nat (dmz,outside) static towww
access-group outtodmz in interface outside
route outside 0.0.0.0 0.0.0.0 221.222.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect icmp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
crashinfo save disable
Cryptochecksum:ceec7cf7a060a0ab5127d816542bb2db
: end